2 SSD Drives Install Full Disk Encryption [Solved]

[TrulyAuthentic]

Hello

I just ordered a new laptop. The laptop comes with a 128 GB PCIe SSD. I also plan to buy a 512 GB SATA SSD and to install it manually inside the laptop.

Next, I would like to purge Windows 10, and install Linux on the 128 GB drive (as PCIe seems much faster than SATA.)

For the Linux install, I want to place /boot and /root on the 128 GB SSD, and /home and perhaps a /swap partition on the 512 GB SSD (I'll adjust the swappiness so the SSD doesn't swap much.)

Lastly, I would want to use full disk encryption over the two drives.

Is this a process that the MX Linux installer can support, or would I have to jump through extra hoops after installation, in order to make this work?

Thanks

[JayM]

Before removing Windows, go to your new laptop's support page and find out how to go about updating the BIOS. Some systems only have Windows-based firmware update utilities. If yours is one of them you should plan to shrink Windows and install MX as dual-boot as sometimes there are critical firmware releases that fix things that are buggy or broken or that patch security flaws.

The answer to installing MX with full disk encryption may be found in the installer's help. Boot the live USB, click the installer icon to launch it, click the Help button. You can close the installer without it actually installing anything.

The answer to how to encrypt an additional non-system drive using LUKS, VeraCrypt, etc. in Linux may be found in a web search as the methodology is the same accross all Linux distros. MX Linux doesn't (to my knowledge) have any GUI tool for encrypting disk volumes.

[fehlix]

I just ordered a new laptop. The laptop comes with a 128 GB PCIe SSD. I also plan to buy a 512 GB SATA SSD and to install it manually inside the laptop.

For the Linux install, I want to place /boot and /root on the 128 GB SSD, and /home and perhaps a /swap partition on the 512 GB SSD (I'll adjust the swappiness so the SSD doesn't swap much.)

Lastly, I would want to use full disk encryption over the two drives.

Just tried it, and run something similar to the mentioned installation goal.

Booted into a VM, with two attached virtual drives.

** Preparation:
Boot from MX LiveUSB
Open Gparted.
Create Partition Table ( Gparted -> Menu -> Device -> New partition table : "gpt" )

* Create new partitions on 1st drive ( in my VM called vda ):
1. vda1 : ESP ( EFI System Partion ): size 640 MB : Filesystem fat32 : label ESP
after creation: Rightclick -> Manage flags : select esp,boot
2. vda2: boot : size 640 MB : : Filesystem ext4 : label boot
3. vda3: root : size rest of drive MB : Filesystem ext4 : label root ( Note this will become encrypted )

* Create new partitions on 2nd drive ( in my VM called vdb ):
4. vdb1 : home : size as you like MB : filesystem ext4 : label home ( Note this will become encrypted )
5. vdb2 : swap : size as you like : filesystem linuxswap : label swap ( Note this will become encrypted )

* Now open MX Installer :
It may look similar to this: ( ignore the grub_bios partition )
and select accordingly.

minstaller-encryoted-2-drives.png

* At the end of the installer do not tick reboot now,
but finish the installer without reboot.
Open Gparted to check:
1st drive:

gparted-vda.png

( Ignore home partition on vda5 - is is not used -
instead I used the encrypted home partition on 2nd drive vdb1)

2n drive:

gparted-vdb.png

So far it looks good. But we need fix something, here
the ESP partition is missing the esp-boot flag.
So open Gparted again select ESP partition on 1st drive and mark the ESP with those flags,
so it look like this:

gparted-vda_esp_flags.png

Now reboot.
HTH

+++EDIT+++
Note to developer @AK-47 , @Adrian , @dolphin_oracle
In the shown installation latest mx-installer 21.6.01 on buster was used. IIRC, resetting esp-flags of on existing EFI System Partition, when selecting the ESP for use, was already fixed in earlier version. But have to admit not having checked all earlier versions regarding this issue.

[TrulyAuthentic]

Before removing Windows, go to your new laptop's support page and find out how to go about updating the BIOS. Some systems only have Windows-based firmware update utilities. If yours is one of them you should plan to shrink Windows and install MX as dual-boot as sometimes there are critical firmware releases that fix things that are buggy or broken or that patch security flaws.

The answer to installing MX with full disk encryption may be found in the installer's help. Boot the live USB, click the installer icon to launch it, click the Help button. You can close the installer without it actually installing anything.

The answer to how to encrypt an additional non-system drive using LUKS, VeraCrypt, etc. in Linux may be found in a web search as the methodology is the same accross all Linux distros. MX Linux doesn't (to my knowledge) have any GUI tool for encrypting disk volumes.

Thanks for the reminder. I was planning to update the BIOS before removing Windows. It's a Dell, so it might support Linux, but odds are it's easier with Windows anyway.

I have a portable 128 GB SSD. I was thinking that I'd try to use the "Create Disk Image" option in Gnome Disks, to see if I can copy the Windows image to the SSD. Either that, or perhaps Dell comes with a way to make a backup DVD set, or USB drive or something. I won't erase Windows until I'm sure I can get it back if need be.

Normally when I install MX Linux, I choose to use the whole drive, and choose the option to enable full disk encryption. That works like a charm. Unfortunately with two drives, I'm doubtful that it will work that easily.

Thanks for the response!

[TrulyAuthentic]

I just ordered a new laptop. The laptop comes with a 128 GB PCIe SSD. I also plan to buy a 512 GB SATA SSD and to install it manually inside the laptop.

For the Linux install, I want to place /boot and /root on the 128 GB SSD, and /home and perhaps a /swap partition on the 512 GB SSD (I'll adjust the swappiness so the SSD doesn't swap much.)

Lastly, I would want to use full disk encryption over the two drives.

Just tried it, and run something similar to the mentioned installation goal.

Booted into a VM, with two attached virtual drives.

** Preparation:
Boot from MX LiveUSB
Open Gparted.
Create Partition Table ( Gparted -> Menu -> Device -> New partition table : "gpt" )

* Create new partitions on 1st drive ( in my VM called vda ):
1. vda1 : ESP ( EFI System Partion ): size 640 MB : Filesystem fat32 : label ESP
after creation: Rightclick -> Manage flags : select esp,boot
2. vda2: boot : size 640 MB : : Filesystem ext4 : label boot
3. vda3: root : size rest of drive MB : Filesystem ext4 : label root ( Note this will become encrypted )

* Create new partitions on 2nd drive ( in my VM called vdb ):
4. vdb1 : home : size as you like MB : filesystem ext4 : label home ( Note this will become encrypted )
5. vdb2 : swap : size as you like : filesystem linuxswap : label swap ( Note this will become encrypted )

* Now open MX Installer :
It may look similar to this: ( ignore the grub_bios partition )
and select accordingly.
minstaller-encryoted-2-drives.png
* At the end of the installer do not tick reboot now,
but finish the installer without reboot.
Open Gparted to check:
1st drive:
gparted-vda.png
( Ignore home partition on vda5 - is is not used -
instead I used the encrypted home partition on 2nd drive vdb1)

2n drive:
gparted-vdb.png

So far it looks good. But we need fix something, here
the ESP partition is missing the esp-boot flag.
So open Gparted again select ESP partition on 1st drive and mark the ESP with those flags,
so it look like this:
gparted-vda_esp_flags.png
Now reboot.
HTH

+++EDIT+++
Note to developer @AK-47 , @Adrian , @dolphin_oracle
In the shown installation latest mx-installer 21.6.01 on buster was used. IIRC, resetting esp-flags of on existing EFI System Partition, when selecting the ESP for use, was already fixed in earlier version. But have to admit not having checked all earlier versions regarding this issue.

Thank you Fehlix for going to that much trouble to answer my question! It is much appreciated!

I will make sure to have your guide handy, when I go through the process of installing MX Linux on to my new laptop.

[TrulyAuthentic]

This laptop will be my first UEFI computer. I've been stuck in the stone age, I know...

This is the first I've heard of needing two boot partitions. Is it really necessary to create both boot partitions if I am only single booting Linux?

[fehlix]

This laptop will be my first UEFI computer. I've been stuck in the stone age, I know...

If the laptop supports it you could also stay with non-UEFI, aka BIOS/legacy/CSM with MBR(msdos)-partition layout instead of GPT.

This is the first I've heard of needing two boot partitions. Is it really necessary to create both boot partitions if I am only single booting Linux?

MX Installer is needing an un-encrypted boot partition only, if user want to have root-partition encrypted.
Boot partition is not needed for un-encrypted installs.
+++EDIT+++
Not sure what you mean with "two boot partitions". In the example install shown above,
there is one ESP (EFI System Partition), which is needed by UEFI to find the EFI boot loader.
And one boot-partition »/boot«, which is un-encrypted to hold the GRUB-boot loader/modules and the linux boot image.

[TrulyAuthentic]

Ubuntu and Manjaro use the Fat32 EFI partition for everything, so a separate ext4 /boot partition is not necessary.

The process went flawlessly. Thanks!